Basic network troubleshooting

This document describes how to do basic network troubleshooting.
It shows the tools and the (un)common output with them.

Jargon

remote host: the machine you're trying to find information about.

alias: a different name for a machine.

ttl: Time To Live value

hop: A router in the path of an IP packet from your
machine to a remote host.

Ping

Ping is a basic tool to see if there is IP connectitivy towards
the remote host. The basic syntax is ping <hostname>,
for example ping www.mavetju.org. It will print a line
for every answer it received. If you ping a remote host and you
receive an answer from it then the machine is reachable on IP level.

Although you try to ping www.mavetju.org, it
actually tries to ping topaz.mdcc.cx. That's because
www.mavetju.org is hosted on that machine.

Lines 3 to 6:

It says it received answer from 212.204.230.141. Sometimes
it receives answers from other machines. See later examples
about these situations.

The TTL of the received packet is 237. The TTL is an 8 bit
digit, which means it can be from 0 to 255. At start it's
set tp 255 and every hop on the way towards your machine
decreases it by one. So this it took 255 - 237 = 18 hops
to get from topaz.mdcc.cx towards my machine.

The time it took to receive an answer since the original
request. This is an indication for how reachable the remote
host is. The reason for these huge numbers for me is because
I'm going from Australia towards the Netherlands.

Line 9 and 10:

At the end it shows how many packets were send and how many
were received. This is an indication for the reliability
of the line.

and it shows the fastests, avaraged, slowests and deviation
of the times.

Blocked hosts

Sometimes people don't want their hosts to be pinged and have
configured their routers to block ping-packets. You might see such
an output then:

The reason why it replied was Communication prohibited
by filter. That means that the router was configured
to block ping-packets towards that machine.

Lines 4 and 5:

This is a dump of the IP header and gives some information
regarding the TTL and the source and destination IP addresses.

Unreachable hosts and networks

Sometimes when an ISP has problems with its connectivity towards
the internet you see messages regarding Destination Host
Unreachable or Destination Network Unreachable. This
means that the routers on the internet don't know where to find
that IP address.

It didn't print anything and at the end it said: 100% packet loss. That means
that the machine is unreachable. It didn't send any usefull to
debug. See later example with traceroute how to investigate further.

Traceroute

Traceroute is used to find out the route IP packets use to come to
a remote host. The basic syntax is traceroute <host>,
for example traceroute www.mavetju.org. It will print one
line per hop.